Hacker pleads guilty to charges he sold “magic passwords” to sensitive networks

A Pennsylvania man has pleaded guilty to charges stemming from a scheme to hack in to sensitive computer networks operated by the University of Massachusetts-Amherst and other sensitive organizations and then sell "magic passwords" providing backdoor access to others.

Andrew James Miller, 23, of Devon, Pennsylvania, pleaded guilty to one count of conspiracy and two counts of computer intrusion, a press release issued Tuesday by the Justice Department said. Court records show a plea agreement in the case was entered on July 15. He faces a maximum penalty of 20 years in prison at sentencing, which is scheduled for November 19.

According to an indictment filed in Massachusetts federal court in June 2012, Miller and other members of a hacking group called the Underground Intelligence Agency hacked into networks and installed backdoors that provided almost unfettered "root" access to anyone who possessed the "magic passwords." He then sold access to the magic passwords and advice on how intruders could avoid being detected. In some cases he also sold lists containing hundreds of usernames and passwords that provided root access. In addition to the University of Massachusetts, affected organizations included Massachusetts-based RNK Telecommunications and Crispin Porter and Bogusky, an advertising and digital agency in Colorado.

Prosecutors alleged that in online conversations, Miller claimed to have accessed two government supercomputers associated with nersc.gov, the Internet domain for the National Energy Research Scientific Computing Center. The center provides computing resources for the US Department of Energy. In the chat, Miller said he installed a backdoor onto several government networks that gave him a reliable way to regain access to them. He posted a network notification banner and file system information to back up his claim that he had access to nersc.gov, according to the indictment. He also mentioned having unauthorized access to about half of the top 500 supercomputers. On some of those systems, Miller claimed to have root access in addition to having access to login credentials.

Miller's scheme came undone when he was contacted by an undercover FBI agent who agreed to buy the backdoor access and database dumps. Miller had the agent send payments over Western Union addressed to "Andrew Miller" in Lancaster Pennsylvania.